Copyright © 2002 ProsoftTraining. All rights reserved.

Advanced Internet System Management

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 1:Mission-Critical Services

Objectives

• Identify foundational services, including DNS, WINS and Samba

• List mission-critical services• Discuss system maintenance and logging• Describe performance monitoring and server

optimization issues• Identify the importance of implementing

security features for your servers

Foundational Services

• Domain Name System• Windows Internet Naming Service• Samba• Server Message Blocks• NetBIOS over TCP/IP• Network File System

Types ofMission-Critical Services

• HTTP servers• Streaming media servers• Database servers• E-commerce servers• News servers• E-mail servers• Security services

Performance Monitoringand Server Optimization

• Logging services

• Auditing services

• Performance Monitor

Fault Tolerance

The ability for a host or network to recover from an error or system failure

HighAvailability Clustering

• Reading available resources• Reduced network latency• Centralized administration• Scalability

Backup

• Backup considerations

– Backup of critical host operating systems

and files

– Off-site file storage

– UNIX and NT backup programs

– Backup devices

– Backup tapes

Summary

Identify foundational services, including DNS, WINS and Samba

List mission-critical services Discuss system maintenance and logging Describe performance monitoring and server

optimization issues Identify the importance of implementing

security features for your servers

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 2:Installing and

Configuring a Web Server

Objectives

• Identify the basic functions of a Web server• Explain how a Web server identifies file types• Customize the server root directories• Redirect URLs and add default document

types

Objectives (cont’d)

• Enable user-based authentication for the Web server

• Control access to a Web server based on IP address

• Enable HTML administration for IIS 5.0• Create virtual servers and directories in IIS

and Apache Server

Web ServerRoot Directory

Web server

Web server root: C:\inetpub\wwwroot

Normally, all documents issued by the server

must reside beneath the root directory

Common Web Servers

• Apache Server• Microsoft IIS• Netscape Enterprise Server• Zeus Web server

Configuring IIS

• Using the IIS snap-in• Connecting to the Web server

– The Home Directory tab– The Documents tab– The Directory Security tab

• Controlling access by computer account• Controlling access by IP address• The Performance and Custom Errors tabs

Virtual Servers

• Dedicated virtual servers• Simple virtual servers• Shared virtual servers

Apache Server

• Location of Apache Server files• File placement• Apache Server RPM files

AdministeringApache Server

• Apache Server processes• Stopping and starting httpd• Configuring Apache Server

Virtual Serversand Apache

• The NameVirtualHost directive• Order of entries

Summary

Identify the basic functions of a Web server Explain how a Web server identifies file types Customize the server root directories Redirect URLs and add default document

types

Summary (cont’d)

Enable user-based authentication for the Web server

Control access to a Web server based on IP address

Enable HTML administration for IIS 5.0 Create virtual servers and directories in IIS

and Apache Server

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 3:Advanced Web

Server Configuration

Objectives

• Implement common e-commerce elements• Identify key HTTP error messages• Create a custom HTTP error message in IIS 5.0• Explain how Web servers and clients use

MIME

Objectives (cont’d)

• Describe how Web applications work with IIS 5.0

• Execute ASP and CGI scripts in ane-commerce setting

• Connect a Web site to a database using a Web application

• Install, configure and test a streaming media server

HypertextTransfer Protocol

• Application-layer protocol• HTTP requests and replies

– Command/Status– Headers– Body

HTTP Version 1.1Request Commands

• Options• Get• Head• Post• Put• Delete• Trace

Web Applications and E-Commerce

• Web application types– Client-side applications– Server-side applications

Server-Side Applications and E-Commerce

• Internet Database Connector (IDC)• Internet Server Application Programming

Interface (ISAPI)• Application servers

– Allaire ColdFusion– IBM WebSphere Application Server– Microsoft Transaction Server– Microsoft IIS 5.0 ASP engine– PHP

Web Applications and MIME

• MIME identifies the different types of documents and applications that Internet services manage

• MIME and labeling• MIME and file extensions

– Hard-wired– Configurable

E-Commerce WebServers and Perl

• Perl for CGI is an almost-universal way to attach Web servers to databases

Script Execution in IIS 5.0

• Scripts Only– Allows execution of ASP applications

• Scripts and Executables– Allows execution of CGI scripts

Apache Server and Perl

• Placing a CGI script in Apache Server

• Troubleshooting a Perl installation inLinux

E-Commerce Web Servers and Gateways

• Gateways• Performance• Databases

Active Server Pages

Microsoft technology that implements Web applications

ODBC, Web Gatewaysand E-Commerce

• Adding a system DSN• Registering a database with Windows 2000• Implementing a gateway in IIS using ASP

Streaming Media Servers

• Streaming media server standard• Streaming server hardware and software

requirements• On-demand versus live streaming• URLs and port numbers• RealServer mount points

Summary

Implement common e-commerce elements Identify key HTTP error messages Create a custom HTTP error message in IIS 5.0 Explain how Web servers and clients use

MIME

Summary (cont’d)

Describe how Web applications work with IIS 5.0

Execute ASP and CGI scripts in ane-commerce setting

Connect a Web site to a database using a Web application

Install, configure and test a streaming media server

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 4:Enabling SecureSockets Layer

Objectives

• Describe the functions of SSL• Identify the SSL handshake process• Use the IIS 5.0 snap-in to generate an SSL

certificate request• Deploy the Certificate Authority snap-in to

sign certificate requests• Configure IIS 5.0 to use SSL

Secure Sockets Layer (SSL)

• The Web server and the client browser exchange and negotiate a secure communications link

SSL Architecture

Server Machine

Application Layer (Telnet,FTP,HTTP,NFS,NIS)

SSL

UDP Transport Layer (TCP)

Network Layer

Client Machine

Application Layer (Telnet,FTP,HTTP,NFS,NIS)

SSL

UDP Transport Layer (TCP)

Network Layer

Secure Encrypted

Application Layer Traffic

SSL and Channel Security

• The channel is private

• The channel is authenticated

• The channel is reliable

SSL Handshake

• Hello phase• Key Exchange phase• Session Key

Production phase

• Server Verify phase• Client

Authentication phase

• Finished phase

Applying SSL Encryption

• 40-bit key• 128-bit key

Requesting andInstalling a Certificate

• Certificate types• The X.509v3 standard• Revocation lists• Certificate benefits• Certificate shortcomings

Certificate Concerns

• Password-protected text file• Binding• CA security• Data sniffing and tampering

Summary

Describe the functions of SSL Identify the SSL handshake process Use the IIS 5.0 snap-in to generate an SSL

certificate request Deploy the Certificate Authority snap-in to

sign certificate requests Configure IIS 5.0 to use SSL

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 5:Configuring and

Managing a News Server

Objectives

• Create a newsgroup in both Windows 2000 and Linux

• Configure newsgroup expiration policies• Control access to a news server through IP

address filtering and user-based authentication

NNTP Service

• Usenet newsgroups• Private and Usenet

NNTP servers• The Expires header

Summary

Create a newsgroup in both Windows 2000 and Linux

Configure newsgroup expiration policies Control access to a news server through IP

address filtering and user-based authentication

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 6:E-Mail

Server Essentials

Objectives

• Describe the process of sending an e-mail message

• Explain key e-mail server concepts• Describe the functions of e-mail protocols

Sending andDelivering E-Mail

End User

SMTP Server

End User

E-Mail Agents

• Mail transfer agent• Mail delivery agent• Mail user agent

E-Mail ServerTerminology

• Masquerading• Aliasing• Relaying

Simple Mail Transfer Protocol

• SMTP commands– helo– ehlo– mail from– rcpt to– data– quit

Post Office Protocol 3 (POP3)

• POP3 commands– user– pass– list– retr– dele– quit

IMAP and LDAP

• IMAP and e-mail clients• Lightweight Directory Access Protocol

Web Mail

• E-mail servers:– Create a Web interface– Provide Web-based access

Summary

Describe the process of sending an e-mail message

Explain key e-mail server concepts Describe the functions of e-mail protocols

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 7:Configuring

E-Mail Servers

Objectives

• Identify the purpose and usefulness of MX records

• Discuss DNS as it applies to e-mail servers• Configure an e-mail server in

Windows 2000• Manage a Web-based e-mail service• Deploy a list server

MX Recordsand E-Mail Servers

• MX records inform the DNS server where to direct e-mail messages– Intradomain e-mail– Interdomain e-mail

Intradomain E-Mail

DNS Server

E-Mail Server Patrick.ciwcertifed.com

james.ciwcertifed.com

Interdomain E-Mail

DNS Server

E-Mail Servermail.stanger.com

E-Mail Servermail.lane.com

james.stanger.com

patrick.lane.com

lane.com

stanger.com

Mail Exchange Record Fields

• Domain name• IN• MX• Numerical value• Server name

Summary

Identify the purpose and usefulness of MX records

Discuss DNS as it applies to e-mail servers Configure an e-mail server in

Windows 2000 Manage a Web-based e-mail service Deploy a list server

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 8:Proxy Servers

Objectives

• Explain the benefits of a proxy server• Differentiate between public and private

IP addresses• Install and configure Web-based and SMTP-

based proxy servers

Proxy Servers

• Connecting to a proxy server• Modifying clients

Connecting to aProxy Server

Ethernet

Client

Internet

Web ServerProxy

Proxy Server Considerations

• Advanced users may try to bypass the proxy server

• You need a license that allows enough connections for all employees

Summary

Explain the benefits of a proxy server Differentiate between public and private IP

addresses Install and configure Web-based and SMTP-

based proxy servers

Summary

Explain the benefits of a proxy server Differentiate between public and private IP

addresses Install and configure Web-based and SMTP-

based proxy servers

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 9:Logging Activity

Objectives

• Explain the need for logging activity generated by servers and services

• Configure Web server logs in IIS, Apache Server and ftpd

• Identify the need to check DNS and e-mail logs

• View information from a Web server log file using commercial log analysis software

Logging Information

• Server efficiency• Usage rate• Revenue generation• Security

Setting Priorities

• Mission criticality• Service type• Server location• Recent

installations

Evaluating Logs

• Peak usage rates• Error messages• Failed logon attempts

HTTP Server Log Files

• Server log• Access log• Error log• Referrer log• Agent log

FTP Log Files

• FTP log files contain the following information– IP address of the client connecting to your

server– Client’s user name– Date and time the connection was made– IP address of the server– Commands issued

FileAnalysis Software

• WebTrends• Webalizer

Summary

Explain the need for logging activity generated by servers and services

Configure Web server logs in IIS, Apache Server and ftpd

Identify the need to check DNS and e-mail logs

View information from a Web server log file using commercial log analysis software

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 10:Monitoring and

Optimizing Internet Servers

Objectives

• Explain the need for server monitoring and optimization

• Use tools when monitoring and optimizing servers

• Identify key Internet server elements to monitor

• Adjust Internet server settings to meet expected workload

Analyzing Server Performance

• Server and service log files• Protocol analyzers (packet sniffers)• System performance tools

Queues and Bottlenecks

• Queue– Sequence of

requests for services

• Bottleneck– Number of

incoming requests exceeds that rate at which the system can service them

Correcting Bottlenecks

• Speed up the component causing the bottleneck by upgrading or replacing it

• Replicate the component causing the bottleneck by distributing the demand for a service across multiple servers

• Increase the capacity of the queues in the system to tolerate more requests

HardwareConcerns

• Web servers• Web applications and session state

Summary

Explain the need for server monitoring and optimization

Use tools when monitoring and optimizing servers

Identify key Internet server elements to monitor

Adjust Internet server settings to meet expected workload

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 11:Fault Tolerance

and System Backup

Objectives

• Identify ways to create fault tolerance in a network host

• Explain the concept of offsite storage• Implement procedures for disaster

assessment• Follow a data recovery strategy• Implement recovery procedures to repair

corrupted data

Fault Tolerance

The ability of a system or application to recover lost information due to a hardware or software failure

RAID

• RAID 0: disk striping• RAID 1: disk mirroring• RAID 4: disk striping with large blocks• RAID 5: disk striping with parity

Additional FaultTolerance Options

• Hot swapping• Uninterruptible power supply• Folder replication• Offsite storage and site mirroring• Removable media

Site Redirection

Helps recover from system outages and denial-of-service attacks by redirecting Internet services and sites

Tape Backupand Removable Media

• Floppy disks• Zip disks• CD-ROMs• Tapes

Planning aBackup Strategy

• Determining which files to back up• Choosing local or network backup types• Selecting a backup method• Planning and practicing restoration

procedures• Ensuring that you have verified all backup

files

Disaster Assessmentand Recovery

• Windows 2000 and Linux boot disks• Windows 2000 system state data• Windows Emergency Repair Disk• Windows 2000 Safe Mode• Troubleshooting Linux

Summary

Identify ways to create fault tolerance in a network host

Explain the concept of offsite storage Implement procedures for disaster

assessment Follow a data recovery strategy Implement recovery procedures to repair

corrupted data

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 12:Security Overview

Overview

• Identify vulnerabilities commonly found in various operating systems

• List the steps to counteract operating system weaknesses

• Define firewall and intrusion detection concepts

• Discuss the effect of security measures on employees and system hosts

• Recognize security breaches

Server Vulnerabilities

• Users and group permissions• Multiple partitions• Policies• System defaults• System bugs

This System is Secure!

Enhancing Server Security

• Enabling shadow passwords• Removing unnecessary system services

Firewalls

• Create a perimeter that protects your private network from other public networks

Firewall Functions

• Enhance logging and authentication• Encrypt transmissions between hosts and/or

networks• Provide enhanced security• Default to one of two types of behavior

– Reject all traffic unless explicitly permitted– Allow all traffic unless explicitly denied

Firewall Types

• Packet filter• Application-level gateway proxy• Circuit-level gateway proxy

Firewall Terminology

• Internal interfaces• External interfaces• Demilitarized zone• Rule• Bastion host

IntrusionDetection Systems

• Network-based IDS• Host-based IDS• Hybrid IDS

Security Tradeoffs

• Complexity• Host performance

degradation• Unintended denial

of service

RecognizingSecurity Breaches

• Failed logons• Unexplained or common system shutdowns

and restarts• Changes in user privileges• Added or removed accounts• System processes that have been shut down,

activated or restarted• Changes in file permissions

Summary

Identify vulnerabilities commonly found in various operating systems

List the steps to counteract operating system weaknesses

Define firewall and intrusion detection concepts

Discuss the effect of security measures on employees and system hosts

Recognize security breaches

Advanced InternetSystem Management

Mission-Critical Services Installing and Configuring a Web Server Advanced Web Server Configuration Enabling Secure Sockets Layer Configuring and Managing a News Server E-Mail Server Essentials

Advanced InternetSystem Management

Configuring E-Mail Servers Proxy Servers Logging Activity Monitoring and Optimizing Internet Servers Fault Tolerance and System Backup Security Overview